A Web application is a Web-based application, which means any application program for which the user interface resides in a Web browser. It is a collection of some webpages and other resources for completing some tasks. A Web application is a product of typical client/server architecture. It enables clients and servers to communicate over network. The common message board, chat room, and bulletin board system (BBS) are all examples of Web applications. These applications, however, are relatively simple. The real core of Web applications is to handle data.
Referring to FIG. 1A, a model of a traditional Web application is shown. In a typical Web application, a user activity in the user interface (UI) in a browser of a client 100 can trigger a request, and the request is sent to a Web server 150. The server 150 performs some processing, such as retrieving data, handling data, interacting with various legacy systems, after receiving the request. Then the server 150 returns a page to the client 100 as a response. The client 100 may continue to perform the next user activity after receiving the response, thereby repeating the interaction process with the server 150. Such process is known as synchronous, i.e., the server 150 enforces the user to enter a submit-wait-redisplay process, making user activities synchronous with the processing time of the server 150. It can be seen from the time axis that the interaction process is sequential and always kept synchronous with the time axis. In FIG. 1A, the process of sending a request to the server 150 and returning a response by the server 150 is generally called as data transmission.
Referring to FIG. 1B, a model of a rich Web application using AJAX is shown. A rich Web application running on a client 100 communicates with a server 150 asynchronously by using the AJAX technique, without refreshing the entire page. The term AJAX is a shortening of “Asynchronous JavaScript And XML”, which is combined by some new technologies in a new manner. AJAX contains:                XHTML and CSS standard based presentation;        Document Object Model for dynamic display and interaction;        XMLHttpRequest for asynchronous communication with server;        JavaScript for binding everything.        
A Web application, which is dynamic and responds quickly, may be constructed with AJAX, so that the browser can provide users with more natural browsing experience. AJAX provides the ability of asynchronous communication with the server 150 so as to free users from the cycle of traditional request/response. With AJAX, the client 100 may perform processing on the client side through an AJAX engine 120 when a user activity (e.g. submitting a request, inputting) occurs in the user interface (UI) 110 of the browser, and update and display the UI of the browser right after the processing on the client side is completed. Meanwhile, the AJAX engine 120 makes an asynchronous request to the server 150 to perform the processing on the server side. When the response corresponding to the request is returned from the server 150, the client 100 can update the UI 110 accordingly through the AJAX engine 120 without refreshing the entire page. It is most important that users are even not aware of the browser on the client 100 being communicating with the server 150, so that the Web site looks like making an instant response. Therefore, the Web application can present the alteration to users without fully depending on reloading the page from the server. In the FIG. 1B, the process of sending a request to the server 150 and returning a response by the server 150 is generally called as data transmission.
Traditionally, since the browser of the client will refresh the entire page, a large amount of data is to be transmitted because the entire page must be sent again. If AJAX is used, the server may return a shorter message comprising some certain information instead of the entire page, and only a related part of the browser page, instead of the whole screen, is to be refreshed.
The core of AJAX is a JavaScript object XmlHttpRequest. It is a technique supporting asynchronous request. In brief, the object XmlHttpRequest allows client-side JavaScript to make an HTTP request to the server (which can be performed with the method GET or POST, but not limited to such two methods, for example, Head/PUT/DELETE) and process the response, without refreshing the page in the browser and without blocking the user. The detailed definition and description of the object XmlHttpRequest may be referred to the specification of W3C (World Wide Web Consortium) (http://www.w3.org/TR/XMLHttpRequest). The object XmlHttpRequest can be further used for requesting or sending any kind of data, more than just XML data.
In consideration of security, an AJAX-based rich Web application can only make access to resources in the current domain where the application locates, and cannot implement cross domain access. For example, AJAX in the site domain1.com can only make access to resources within this site, and cannot make cross domain access to resources in the site domain2.com. However, a Web application belonging to one certain domain sometimes wants to make an AJAX request to a server belonging to the other domain in order to invoke services or resources in the server. For example, a Web application wants to utilize external REST (Representational State Transfer) services, such as “Google suggest”, “Yahoo! Spell checking”, etc.; a Web application wants to utilize some remote corporate REST service available on the Intranet; a Web application wants to include news FEEDs from an external server (such as CNN); and a Web application wants to create a Mashup (a novel API integration application).
The above-mentioned cross domain access is restricted by the existing XmlHttpRequest implementations. Per default, requests are only allowed to be submitted to the server in the current domain where the application locates. This may prevent malicious AJAX codes served from one site from taking the user browser as a basis for attacking another site and may prevent critical information (such as usernames, passwords) on one site from revealing. Furthermore, this accords with the same-origin policy which is part of the JavaScript security model.
A rich Web application often needs to interact with a service from other domain. Especially in an SOA or Mashup environment, a rich Web application often needs to interact with multiple services from other domains, so that the ability of cross domain interaction becomes more important. But based on the above restrictions, a rich Web application is not allowed to interact with the services provided by other domains outside the domain where the application locates.